SUSE-CU-2024:6119-1: Security update of suse/sle-micro/5.2/toolbox

sle-container-updates at lists.suse.com sle-container-updates at lists.suse.com
Fri Dec 6 08:26:22 UTC 2024 

SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:6119-1
Container Tags        : suse/sle-micro/5.2/toolbox:13.2 , suse/sle-micro/5.2/toolbox:13.2-7.11.53 , suse/sle-micro/5.2/toolbox:latest
Container Release     : 7.11.53
Severity              : moderate
Type                  : security
References            : 1225451 1231795 1233307 1233393 CVE-2024-11168 
-----------------------------------------------------------------

The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4193-1
Released:    Thu Dec  5 12:01:40 2024
Summary:     Security update for python3
Type:        security
Severity:    low
References:  1231795,1233307,CVE-2024-11168
This update for python3 fixes the following issues:

- CVE-2024-11168: Fixed improper validation of IPv6 and IPvFuture addresses (bsc#1233307)

Other fixes:
- Remove -IVendor/ from python-config (bsc#1231795)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4199-1
Released:    Thu Dec  5 14:47:26 2024
Summary:     Recommended update for libsolv, libzypp, zypper
Type:        recommended
Severity:    moderate
References:  1225451,1233393
This update for libsolv, libzypp, zypper fixes the following issues:

- Fix replaces_installed_package using the wrong solvable id when checking the noupdate map
- Make POOL_FLAG_ADDFILEPROVIDESFILTERED behaviour more standard
- Add rpm_query_idarray query function
- Support rpm's 'orderwithrequires' dependency
- BuildCache: Don't try to retrieve missing raw metadata if no permission to write the cache (bsc#1225451)
- RepoManager: Throw RepoNoPermissionException if the user has no permission to update(write) the caches (bsc#1225451)
- The 20MB download limit must not apply to non-metadata files like package URLs provided via the CLI (bsc#1233393)
- Don't try to download missing raw metadata if cache is not writable (bsc#1225451)


The following package changes have been done:

- libpython3_6m1_0-3.6.15-150300.10.78.1 updated
- libsolv-tools-base-0.7.31-150200.40.1 updated
- libsolv-tools-0.7.31-150200.40.1 updated
- libzypp-17.35.14-150200.132.1 updated
- python3-base-3.6.15-150300.10.78.1 updated
- zypper-1.14.78-150200.96.1 updated

More information about the sle-container-updates mailing list